Application Serial No. 10/087,807 

Response to a Notice of Non-Compliant Amendment filed April 17, 2008 
Reply to Notice of Non-Compliant Amendment mailed April 14, 2008 



IN THE CLAIMS: 

The text of all pending claims (including withdrawn claims) is set forth below. Cancelled 
and not entered claims are indicated with claim number and status only. The claims as listed 
below show added text with underlining and deleted text with strikethrough. The status of each 
claim is indicated with one of (original), (currently amended), (cancelled), (withdrawn), (new), 
(previously presented), or (not entered). 

1. (previously presented) A filtering apparatus which is interposed between a client 
and a server providing a service in accordance with each of access requests from the client, and 
which transmits only a legal access request among the access requests to the server, the 
filtering apparatus comprising: 

an illegal pattern database which stores patterns of illegal accesses to the server; 

a pattern estimation unit which estimates legality of an access request based on the 
illegal access patterns stored in the illegal pattern database and on a predetermined pattern 
estimation rule; 

a pattern determination unit which determines whether each access request is to be 
transmitted to the server based on the estimation by the pattern estimation unit and on a 
predetermined pattern determination rule, the pattern determination unit producing a 
determination result; and 

a transmission unit which controls transmission of the access request based on the 
determination result of the pattern determination unit so as to transmit the access request to the 
server when the access request is estimated to be legal, and so as to reject transmission of the 
access request to the server and so as to abandon the access request when the access request 
is estimated to be illegal; wherein 

the pattern estimation unit calculates a predetermined estimation value according to a 
degree of correspondence of the access requests to the illegal access patterns stored in the 
illegal pattern database; and 

the pattern determination unit compares the estimation value calculated by the pattern 
estimation unit with a predetermined threshold value, and determines whether the access 
request is to be transmitted to the server. 

2. (Original) The filtering apparatus according to claim 1, wherein 

the pattern estimation unit estimates that each of the access requests is an illegal access 
if the access request corresponds to any one of the illegal access patterns stored in the illegal 
pattern database, and estimates that the access request is a legal access if the access request 
does not correspond to any one of the illegal access patterns stored in the illegal pattern 
database; and 

the pattern determination unit determines that the access request estimated as the illegal 
access by the pattern estimation unit is not to be transmitted to the server, and determines that 
the access request estimated as the legal access by the pattern estimation unit is to be 
transmitted to the server. 

3. (Cancelled). 

4. (Original) The filtering apparatus according to claim 1, further comprising: 

a legal pattern database which stores patterns of legal accesses to the server; and 

a predetermination unit which predetermines whether each of the access requests 
corresponds to any one of the legal access patterns stored in the legal pattern database before 
the estimation unit estimates the legality of the access request, 

wherein the pattern estimation unit estimates the legality of only the access request 
determined not to correspond to any one of the legal access patterns by the predetermination 
unit. 

5. (Cancelled). 

6. (Original) The filtering apparatus according to claim 1, further comprising a 
storage unit which stores each of the access requests determined not to be transmitted to the 
server by the pattern determination unit, in a predetermined storage medium based on a 
predetermined storage rule. 

7. (Original) The filtering apparatus according to claim 1, further comprising an 
update unit which updates the illegal pattern database, the legal pattern database, the pattern 
estimation rule, the pattern determination rule, the external transmission rule, the storage rule, or 
a predetermined update rule, based on the predetermined update rule. 

8. (Original) The filtering apparatus according to claim 1, further comprising: 

a statistically illegal request database which stores information on the access requests 
considered to be illegal accesses from the statistic of the access requests for the server; 

a statistic estimation unit which estimates the legality of each of the access requests 
based on the information stored in the statistically illegal request database and on a 
predetermined statistic estimation rule; 

a statistic determination unit which determines whether the access request is to be 
transmitted to the server based on the estimation result of the estimation unit and on a 
predetermined determination rule; and 

an access request transmission unit which transmits, as a legal access request, only the 
access request determined to be transmitted to the server by the pattern and statistic 
determination units, to the server. 

9. (Original) The filtering apparatus according to claim 8, wherein 

the statistically illegal request database stores transmitting end information on the clients 
each of which issues access requests within a predetermined time, the number of the access 
requests exceeding a predetermined number, among the clients who transmit the access 
requests to the server; 

the statistic estimation unit estimates that each of the access requests is the illegal 
access if the transmitting end information on the access request corresponds to any one of the 
transmitting end information stored in the statistically illegal request database, and estimates that 
the access request is the legal access if the transmitting end information on the access request 
does not correspond to any one of the transmitting end information stored in the statistically 
illegal request database; and 

the statistic determination unit determines that the access request estimated as the 
illegal access by the statistic estimation unit is not to be transmitted to the server, and 
determines that the access request estimated as the legal access by the statistic estimation unit 
is to be transmitted to the server. 

10. (Original) The filtering apparatus according to claim 8, wherein 

the statistically illegal request database stores request contents of the access requests 
within a predetermined time, the number of the access requests of each request content 
exceeding a predetermined number, among request contents of the access requests transmitted 
to the server; 

the statistic estimation unit estimates that the access request of each of the access 
requests is the illegal access if the request content of the access request corresponds to any 
one of the request contents stored in the statistically illegal request database, and estimates that 
the access request is the legal access if the request content of the access request does not 
correspond to any one of the request contents stored in the statistically illegal request database; 
and 

the statistic determination unit determines that the access request estimated as the 
illegal access by the statistic estimation unit is not to be transmitted to the server, and 
determines that the access request estimated as the legal access by the statistic estimation unit 
is to be transmitted to the server. 

11. (Original) The filtering apparatus according to claim 8, wherein 

the statistically illegal request database stores transmitting end information on the clients 
each of which issues access requests, the number of which exceeds a predetermined number 
within a predetermined time, among the clients who transmit the access requests to the server, 
and stores request contents of the access requests, the number of which exceeds a 
predetermined number within a predetermined time, among the request contents of the access 
requests transmitted to the server; 

the statistic estimation unit estimates that each of the access requests is the illegal 
access if the transmitting end information on the access request corresponds to any one of the 
transmitting end information stored in the statistically illegal request database or the request 
content of the access request corresponds to any one of the request contents stored in the 
statistically illegal request database, and estimates that the access request is the legal access if 
the transmitting end information on the access request does not correspond to any one of the 
transmitting end information stored in the statistically illegal request database and the request 
content of the access requests does not correspond to any one of the request contents stored in 
the statistically illegal request database; and 

the statistic determination unit determines that the access request estimated as the 
illegal access by the statistic estimation unit is not to be transmitted to the server, and 
determines that the access request estimated as the legal access by the statistic estimation unit 
is to be transmitted to the server. 

12. (Original) The filtering apparatus according to claim 8, wherein 

the statistically illegal request database stores transmitting end information on the clients 
each of which issues access requests, the number of which exceeds a predetermined number 
within a predetermined time, among the clients who transmit the access requests to the server, 
and stores request contents of the access requests, the number of which exceeds a predetermined 
number within a predetermined time, among the request contents of the access requests 
transmitted to the server; 

the statistic estimation unit calculates a predetermined estimation value according to a 
degree to which the transmitting end information on each of the access requests to the request 
content of the access request correspond to the transmitting end information and the request 
contents stored in the statistically illegal request database, respectively; and 

the statistic determination unit compares the estimation value calculated by the statistic 
estimation unit with a predetermined threshold value, and determines whether the access 
request is to be transmitted to the server. 

13. (Original) The filtering apparatus according to claim 8, wherein the statistic 
estimation unit estimates the legality of only the access request determined to be transmitted to 
the server by the pattern determination unit. 

14. (Original) The filtering apparatus according to claim 8, wherein the pattern 
estimation unit estimates the legality of only the access request determined to be transmitted to 
the server by the statistic determination unit. 

15. (Original) The filtering apparatus according to claim 8, wherein the 
predetermination unit predetermines whether only the access request determined to be 
transmitted to the server by the statistic determination unit corresponds to any one of the legal 
access patterns stored in the legal pattern database. 

16. (Original) The filtering apparatus according to claim 8, further comprising an 
external transmission unit which transmits the access requests which are not transmitted to the 
server by the access request transmission unit, to the predetermined external device based on a 
predetermined external transmission rule. 

17. (Original) The filtering apparatus according to claim 8, further comprising a 
storage unit which stores the access requests which are not transmitted to the server by the 
access request transmission unit, to the predetermined storage medium based on a 
predetermined storage rule. 

18. (Original) The filtering apparatus according to claim 8, further comprising an 
update unit which updates the statistically illegal request database, the statistic estimation rule, 
the statistic determination rule, the external transmission rule, and at least one of the storage 
rule and a predetermined update rule, based on at least one of the predetermined update rule 
and the statistic of the access requests to the server. 

19. (Original) The filtering apparatus according to claim 18, wherein the update unit 
performs any one or both of addition and deletion of at least one of the transmitting end 
information and the request contents stored in the statistically illegal request database, 
according to any one or both of the number of access requests for each client who transmits the 
access requests to the server within the predetermined time and the number of access requests 
for each request content of the access requests transmitted to the server within the 
predetermined time. 
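
A minimal sketch of the request-side pipeline recited in claims 1, 4, 6, 9 to 11 and 19, added here as an illustration and not taken from the application. The signatures, integer weights, threshold, time window, order of the checks and every name in the code are assumptions, since the claims leave all of them "predetermined".

```python
import re
from collections import defaultdict, deque

# Constructed sample data: the claims name no concrete patterns or weights.
ILLEGAL_PATTERNS = [            # (signature, weight) = illegal pattern database
    (re.compile(r"\.\./"), 6),
    (re.compile(r"(?i)union\s+select"), 7),
    (re.compile(r"(?i)<script"), 5),
    (re.compile(r"%00"), 4),
]
# Legal pattern database (claim 4). A match skips scoring entirely, so each
# entry is matched against the whole request and kept as narrow as possible.
LEGAL_PATTERNS = [re.compile(r"/(index\.html|img/[\w-]+\.png)")]


class RequestFilter:
    def __init__(self, threshold=5, max_requests=3, window=10.0):
        self.threshold = threshold        # pattern determination rule (claim 1)
        self.max_requests = max_requests  # "predetermined number" (claims 9-11)
        self.window = window              # "predetermined time", in seconds
        self._seen = defaultdict(deque)   # key -> timestamps inside the window
        self.statistic_db = set()         # statistically illegal request database
        self.rejected = []                # storage unit for abandoned requests

    def pattern_score(self, content):
        """Estimation value: summed weight of matching signatures, capped at 10."""
        return min(10, sum(w for rx, w in ILLEGAL_PATTERNS if rx.search(content)))

    def _update(self, key, now):
        """Update unit (claim 19): add a key over the limit, delete it once under."""
        q = self._seen[key]
        q.append(now)
        while q and now - q[0] > self.window:
            q.popleft()
        if len(q) > self.max_requests:
            self.statistic_db.add(key)
        else:
            self.statistic_db.discard(key)

    def _reject(self, sender, content, reason):
        self.rejected.append((sender, content, reason))
        return False, reason

    def decide(self, sender, content, now):
        """Return (forward_to_server, reason) for one access request."""
        keys = (("sender", sender), ("content", content))
        for key in keys:
            self._update(key, now)
        hit = next((k for k in keys if k in self.statistic_db), None)
        if hit:                                      # statistic determination
            return self._reject(sender, content, f"statistic:{hit[0]}")
        if any(rx.fullmatch(content) for rx in LEGAL_PATTERNS):
            return True, "legal-pattern"             # predetermination unit
        score = self.pattern_score(content)
        if score >= self.threshold:                  # pattern determination
            return self._reject(sender, content, f"pattern:{score}")
        return True, f"pattern:{score}"


def demo():
    """Run constructed requests (sender, request content, time in seconds)."""
    f = RequestFilter()
    requests = [
        ("10.0.0.1", "/index.html", 0.0),
        ("10.0.0.2", "/cgi-bin/view?file=../../etc/passwd", 1.0),
        ("10.0.0.3", "/search?q=a%00", 2.0),
        ("10.0.0.9", "/a1", 3.0), ("10.0.0.9", "/a2", 3.1),
        ("10.0.0.9", "/a3", 3.2), ("10.0.0.9", "/a4", 3.3),
        ("10.0.0.9", "/a5", 20.0),   # window has elapsed, entry is deleted
    ]
    return [f.decide(*r) for r in requests], f.rejected
```

A sender that keeps sending while listed stays listed, because rejected requests are still counted; the entry is deleted only after the sender has been quiet for a full window.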

20. (Original) The filtering apparatus according to claim 1, further comprising: 

an illegal response database which stores patterns of illegal responses which should not 
be transmitted to each of the clients among the responses transmitted from the server to each of 
the clients as the service in accordance with the respective access requests; 

a response estimation unit which estimates the legality of each of the responses based 
on the illegal response patterns stored in the illegal response database and a predetermined 
response estimation rule; 

a response determination unit which determines whether the response is to be 
transmitted to the client based on an estimation result of the response estimation unit and on a 
predetermined response determination rule; and 

a response transmission unit which transmits, as a legal response, only the response 
determined to be transmitted to the client by the response determination unit, to the client. 

21. (Original) The filtering apparatus according to claim 20, wherein 

the response estimation unit estimates that the response is an illegal response if the 
response corresponds to any one of the illegal response patterns stored in the illegal response 
database, and estimates that the response is a legal response if the response does not 
correspond to any one of the illegal response patterns stored in the illegal response database; 
and 

the response determination unit determines that the response estimated as the illegal 
response by the response estimation unit, is not to be transmitted to the client, and determines 
that the response estimated as the legal response by the response estimation unit, is to be 
transmitted to the client. 

22. (Original) The filtering apparatus according to claim 20, wherein 

the response estimation unit calculates a predetermined estimation value according to a 
degree to which the response corresponds to the illegal response patterns stored in the illegal 
response database; and 

the response determination unit compares the estimation value calculated by the 
response estimation unit with a predetermined threshold value, and determines whether the 
response is to be transmitted to the client. 

23. (Original) The filtering apparatus according to claim 20, further comprising an 
external transmission unit which transmits at least one of the response that is not transmitted to 
the client by the response transmission unit and the access request causing the response, to a 
predetermined external device based on a predetermined external transmission rule. 

24. (Original) The filtering apparatus according to claim 20, further comprising a 
storage unit which stores at least one of the response that is not transmitted to the client by the 
response transmission unit and the access request causing the response, in the predetermined 
storage medium based on a predetermined storage rule. 

25. (Original) The filtering apparatus according to claim 20, further comprising an 
update unit which updates the illegal response database, the response estimation rule, the 
response determination rule, the external transmission rule, and at least one of the storage rule 
and a predetermined update rule, based on a predetermined update rule. 

26. (Original) The filtering apparatus according to claim 1, further comprising an 
access request decryption unit which decrypts an access request which has been subjected to a 
predetermined encryption processing, 

wherein the pattern estimation unit, the predetermination unit or the statistic estimation 
unit estimates or determines the access request decrypted by the access request decryption 
unit. 

27. (Original) The filtering apparatus according to claim 26, wherein if only the legal 
access request among the access requests is to be transmitted to the server, not the access 
request decrypted by the access request decryption unit but the access request which has been 
subjected to the predetermined encryption processing is transmitted to the server. 

28. (Original) The filtering apparatus according to claim 26, further comprising a 
response decryption unit which decrypts a response which has been subjected to a 
predetermined encryption processing, wherein the response estimation unit estimates the 
response decrypted by the response decryption unit. 

29. (Original) The filtering apparatus according to claim 28, wherein if only the legal 
response among the responses is to be transmitted to the client, not the response decrypted by 
the response decryption unit but the response which has been subjected to the predetermined 
encryption processing is transmitted to the client. 

30. (Original) The filtering apparatus according to claim 1, further comprising: 

a pseudo-response database which stores pseudo-responses corresponding to the 
patterns of the illegal accesses to the server, respectively, and each indicating that the 
corresponding illegal access is successful or successfully proceeding; 

a pseudo-response creation unit which creates pseudo-responses corresponding to the 
patterns of the access requests, each of which is determined as the illegal access and is not 
transmitted to the server, respectively while referring to the pseudo-response database; and 

a pseudo-response transmission unit which transmits the pseudo-responses created by 
the pseudo-response creation unit to the clients, respectively. 

31. (Original) The filtering apparatus according to claim 1, further comprising: 

a decoy unit which receives the access requests each of which is determined as the 
illegal access and is not transmitted to the server, and creates, as a decoy of the server, 
pseudo-responses each indicating that the corresponding illegal access is successful or successfully 
proceeding; and 

a pseudo-response transmission unit which transmits the pseudo-responses created by 
the decoy unit to the clients, respectively. 

32. (Original) The filtering apparatus according to claim 1, further comprising: 

a pseudo-response database which stores pseudo-responses corresponding to the 
patterns of the illegal accesses to the server, respectively, and each indicating that the 
corresponding illegal access is successful or successfully proceeding; 

a pseudo-response creation unit which creates pseudo-responses corresponding to the 
illegal access patterns stored in the pseudo-response database among the access requests 
each of which is determined as the illegal access and is not transmitted to the server; 

a decoy unit which receives the access requests which do not correspond to the illegal 
access patterns stored in the pseudo-response database among the access requests each of 
which is determined as the illegal access and is not transmitted to the server, and creates, as a 
decoy of the server, pseudo-responses each indicating that the corresponding illegal access is 
successful or successfully proceeding; and 

a pseudo-response transmission unit which transmits the pseudo-responses created by 
the pseudo-response creation unit or the decoy unit to the clients, respectively. 

33. (previously presented) A filtering method used on a client and a server providing 
a service in accordance with each of access requests from the client, and which transmits only a 
legal access request among the access requests to the server, the method comprising: 

a pattern estimation step of referring to an illegal pattern database which stores patterns 
of illegal accesses to the server, and estimating legality of an access request based on the 
illegal access patterns referred to and on a predetermined pattern estimation rule; 

a pattern determination step of determining whether the access request is to be 
transmitted to the server based on an estimation result at the pattern estimation step and on a 
predetermined pattern determination rule; and 

a transmission controlling step of controlling transmission of the access request based 
on determination result of the pattern determination step so as to transmit the access request to 
the server when the access request is estimated to be legal, and so as to reject transmission of 
the access request to the server and so as to abandon the request when the access request is 
estimated to be illegal; wherein 

the pattern estimation step includes calculating a predetermined estimation value 
according to a degree of correspondence of the access requests to the illegal access patterns 
stored in the illegal pattern database; and 

the pattern determination step includes comparing the estimation value calculated in the 
pattern estimation step with a predetermined threshold value, and determining whether the 
access request is to be transmitted to the server. 

34. (Original) The filtering method according to claim 33, wherein 

the pattern estimation step includes estimating that each of the access requests is an 
illegal access if the access request corresponds to any one of the illegal access patterns stored 
in the illegal pattern database, and estimating that the access request is a legal access if the 
access request does not correspond to any one of the illegal access patterns stored in the illegal 
pattern database; and 

the pattern determination step includes determining that the access request estimated as 
the illegal access in the pattern estimation step is not to be transmitted to the server, and 
determining that the access request estimated as the legal access in the pattern estimation step 
is to be transmitted to the server. 

35. (Cancelled). 

36. (Original) The filtering method according to claim 33, further comprising a 
predetermination step of referring to a legal pattern database which stores patterns of legal 
accesses to the server, and determining whether each of the access requests corresponds to 
any one of the legal access patterns stored in the legal pattern database before the legality of 
the access request is estimated in the estimation step, 

wherein the pattern estimation step includes estimating the legality of only the access 
request determined not to correspond to any one of the legal access patterns in the 
predetermination step. 

37. (Cancelled). 

38. (Original) The filtering method according to claim 33, further comprising a 
storage step of storing each of the access requests determined not to be transmitted to the 
server in the pattern determination step, in a predetermined storage medium based on a 
predetermined storage rule. 

39. (Original) The filtering method according to claim 33, further comprising an 
update step of updating the illegal pattern database, the legal pattern database, the pattern 
estimation rule, the pattern determination rule, the external transmission rule, the storage rule, or 
a predetermined update rule, based on the predetermined update rule. 

40. (Original) The filtering method according to claim 33, further comprising: 

a statistic estimation step of referring to a statistically illegal request database which 
stores information on the access requests considered to be illegal accesses from the statistic of 
the access requests for the server, and estimating the legality of each of the access requests 
based on a predetermined statistic estimation rule; 

a statistic determination step of determining whether the access request is to be 
transmitted to the server based on the estimation in the estimation step and on a predetermined 
determination rule; and 

an access request transmission step of transmitting, as a legal access request, only the 
access request determined to be transmitted to the server in the pattern and statistic 
determination steps, to the server. 

41. (Original) The filtering method according to claim 40, wherein 

the statistically illegal request database stores transmitting end information on the clients 
each of which issues access requests, the number of which exceeds a predetermined number 
within a predetermined time, among the clients who transmit the access requests to the server; 

the statistic estimation step includes estimating that each of the access requests is the 
illegal access if the transmitting end information on the access request corresponds to any one 
of the transmitting end information stored in the statistically illegal request database, and 
estimating that the access request is the legal access if the transmitting end information on the 
access request does not correspond to any one of the transmitting end information stored in the 
statistically illegal request database; and 

the statistic determination step includes determining that the access request estimated 
as the illegal access in the statistic estimation step is not to be transmitted to the server, and 
determining that the access request estimated as the legal access in the statistic estimation step 
is to be transmitted to the server. 

42. (Original) The filtering method according to claim 40, wherein 

the statistically illegal request database stores request contents of the access requests, 
the number of which exceeds a predetermined number within a predetermined time, among the 
request contents of the access requests transmitted to the server; 

the statistic estimation step includes estimating that each of the access requests is the 
illegal access if the request content of the access request corresponds to any one of the request 
contents stored in the statistically illegal request database, and estimating that the access 
request is the legal access if the request content of the access request does not correspond to 
any one of the request contents stored in the statistically illegal request database; and 

the statistic determination step includes determining that the access request estimated 
as the illegal access in the statistic estimation step is not to be transmitted to the server, and 
determining that the access request estimated as the legal access in the statistic estimation step 
is to be transmitted to the server. 

43. (Original) The filtering method according to claim 40, wherein 

the statistically illegal request database stores transmitting end information on the clients 
each of which issues access requests, the number of which exceeds a predetermined number 
within a predetermined time, among the clients who transmit the access requests to the server, 
and stores request contents of the access requests, the number of which exceeds a 
predetermined number within a predetermined time, among the request contents of the access 
requests transmitted to the server; 

the statistic estimation step includes estimating that each of the access requests is the 
illegal access if the transmitting end information on the access request corresponds to any one 
of the transmitting end information stored in the statistically illegal request database, or if the 
request content of the access request corresponds to any one of the request contents stored in 
the statistically illegal request database, and estimating that the access request is the legal 
access if the transmitting end information on the access request does not correspond to any one 
of the transmitting end information stored in the statistically illegal request database, and if the 
request content of the access requests does not correspond to any one of the request contents 
stored in the statistically illegal request database; and 

the statistic determination step includes determining that the access request estimated 
as the illegal access in the statistic estimation step is not to be transmitted to the server, and 
determining that the access request estimated as the legal access in the statistic estimation step 
is to be transmitted to the server. 

44. (Original) The filtering method according to claim 40, wherein 

the statistically illegal request database stores transmitting end information on the clients 
each of which issues access requests, the number of which exceeds a predetermined number 
within a predetermined time, among the clients who transmit the access requests to the server, 
and stores request contents of the access requests, the number of which exceeds a 
predetermined number within a predetermined time, among the request contents of the access 
requests transmitted to the server; 

the statistic estimation step includes calculating a predetermined estimation value 
according to a degree to which the transmitting end information on each of the access requests 
to the request content of the access request correspond to the transmitting end information and 
request contents stored in the statistically illegal request database, respectively; and 

the statistic determination step includes comparing the estimation value calculated in the 
statistic estimation step with a predetermined threshold value, and determining whether the 
access request is to be transmitted to the server. 

45. (Original) The filtering method according to claim 40, wherein the statistic 
estimation step includes estimating the legality of only the access request determined to be 
transmitted to the server in the pattern determination step. 

46. (Original) The filtering method according to claim 40, wherein the pattern 
estimation step includes estimating the legality of only the access request determined to be 
transmitted to the server in the statistic determination step. 

47. (Original) The filtering method according to claim 40, wherein the 
predetermination step includes predetermining whether only the access request, determined to 
be transmitted to the server in the statistic determination step, corresponds to any one of the 
legal access patterns stored in the legal pattern database. 

48. (Original) The filtering method according to claim 40, further comprising an 
external transmission step of transmitting the access requests which are not transmitted to the 
server in the access request transmission step, to the predetermined external device based on a 
predetermined external transmission rule. 

49. (Original) The filtering method according to claim 40, further comprising a 
storage step of storing the access requests which are not transmitted to the server in the access 
request transmission step, to the predetermined storage medium based on a predetermined 
storage rule. 

50. (Original) The filtering method according to claim 40, further comprising an 
update step of updating the statistically illegal request database, the statistic estimation rule, the
statistic determination rule, the external transmission rule, and at least one of the storage rule 
and a predetermined update rule, based on at least one of the predetermined update rule and 
the statistic of the access requests to the server. 

51. (Original) The filtering method according to claim 50, wherein

the update step includes any one or both of addition and deletion of at least one of the 
transmitting end information and the request contents stored in the statistically illegal request 
database, according to any one or both of the number of access requests for each client who 
transmits the access requests to the server within a predetermined time and the number of 
access requests for each request content of the access requests transmitted to the server within 
a predetermined time. 

52. (Original) The filtering method according to claim 33, further comprising: 

a response estimation step of referring to an illegal response database which stores 
patterns of illegal responses that should not be transmitted to each of the clients, among the 
responses transmitted from the server to each of the clients as the service according to the 
respective access requests, and estimating the legality of each of the responses based on the 
predetermined response estimation rule; 

a response determination step of determining whether the response is to be transmitted 
to the client based on an estimation in the response estimation step and on the predetermined 
response determination rule; and 

a response transmission step of transmitting, as a legal response, only the response 
determined to be transmitted to the client in the response determination step, to the client. 

53. (Original) The filtering method according to claim 52, wherein 

the response estimation step includes estimating that the response is an illegal response 
if the response corresponds to any one of the illegal response patterns stored in the illegal 
response database, and estimating that the response is a legal response if the response does 
not correspond to any one of the illegal response patterns stored in the illegal response 
database; and 

the response determination step includes determining that the response estimated as the 
illegal response in the response estimation step, is not to be transmitted to the client, and 
determining that the response estimated as the legal response in the response estimation step, 
is to be transmitted to the client.

54. (Original) The filtering method according to claim 52, wherein 

the response estimation step includes calculating a predetermined estimation value 
according to a degree to which the response corresponds to the illegal response patterns stored 
in the illegal response database; and 

the response determination step includes comparing the estimation value calculated in 
the response estimation step with a predetermined threshold value, and determining whether the 
response is to be transmitted to the client. 

55. (Original) The filtering method according to claim 52, further comprising an 
external transmission step of transmitting at least one of the response which is not transmitted to 
the client in the response transmission step and the access request causing the response, to a 
predetermined external device based on a predetermined external transmission rule. 

56. (Original) The filtering method according to claim 52, further comprising a 
storage step of storing at least one of the response which is not transmitted to the client in the 
response transmission step and the access request causing the response, in the predetermined 
storage medium based on a predetermined storage rule. 

57. (Original) The filtering method according to claim 52, further comprising an 
update step of updating the illegal response database, the response estimation rule, the 
response determination rule, the external transmission rule, at least one of the storage rule and 
a predetermined update rule, based on the predetermined update rule. 

58. (Original) The filtering method according to claim 33, further comprising an 
access request decryption step of decrypting an access request which has been subjected to a 
predetermined encryption processing, wherein 

the pattern estimation step, the predetermination step, or the statistic estimation step 
includes estimating or determining the access request decrypted in the access request 
decryption step. 

59. (Original) The filtering method according to claim 58, further comprising: 
transmitting not the access request decrypted in the access request decryption step but 
the access request which has been subjected to the predetermined encryption processing, to
the server if only the legal access request among the access requests is to be transmitted to the 
server. 

60. (Original) The filtering method according to claim 58, further comprising a 
response decryption step of decrypting a response which has been subjected to a 
predetermined encryption processing, wherein 

the response estimation step includes estimating the response decrypted in the response 
decryption step. 

61. (Original) The filtering method according to claim 60, further comprising:
transmitting not the response decrypted in the response decryption step but the response
which has been subjected to the predetermined encryption processing, to the client if only the
legal response among the responses is to be transmitted to the client.

62. (Original) The filtering method according to claim 33, further comprising: 

a pseudo-response creation step of referring to a pseudo-response database which 
stores pseudo-responses corresponding to the patterns of the illegal accesses to the server, 
respectively, and each indicating that the corresponding illegal access is successful or 
successfully proceeding, and creating pseudo-responses corresponding to the patterns of the 
access requests, each of which is determined as the illegal access and is not transmitted to the 
server, respectively; and 

a pseudo-response transmission step of transmitting the pseudo-responses created in 
the pseudo-response creation step to the clients, respectively. 

63. (Original) The filtering method according to claim 33, further comprising: 

a decoy step of receiving the access requests each of which is determined as the illegal 
access and is not transmitted to the server, and creating, as a decoy of the server,
pseudo-responses each indicating that the corresponding illegal access is successful or successfully
proceeding; and 

a pseudo-response transmission step of transmitting the pseudo-responses created in 
the decoy step to the clients, respectively. 

64. (Original) The filtering method according to claim 33, further comprising: 



a pseudo-response creation step of referring to a pseudo-response database which 
stores pseudo-responses corresponding to the patterns of the illegal accesses to the server, 
respectively, and each indicating that the corresponding illegal access is successful or 
successfully proceeding, and creating pseudo-responses corresponding to the illegal access 
patterns stored in the pseudo-response database among the access requests each of which is 
determined as the illegal access and is not transmitted to the server; 

a decoy step of receiving the access requests which do not correspond to the illegal 
access patterns stored in the pseudo-response database among the access requests each of 
which is determined as the illegal access and is not transmitted to the server, and creating, as a 
decoy of the server, pseudo-responses each indicating that the corresponding illegal access is
successful or successfully proceeding; and 

a pseudo-response transmission step of transmitting the pseudo-responses created in 
the pseudo-response creation step or the decoy step to the clients, respectively. 

65. (previously presented) A computer program containing instructions stored in a 
computer readable medium, which when executed on a computer causes the computer to 
perform a filtering method used on a client and a server providing a service in accordance with 
each of access requests from the client, and which transmits only a legal access request among 
the access requests to the server, the filtering method comprising: 

a pattern estimation step of referring to an illegal pattern database which stores patterns 
of illegal accesses to the server, and estimating legality of an access request based on the 
illegal access patterns referred to and on a predetermined pattern estimation rule; 

a pattern determination step of determining whether the access request is to be 
transmitted to the server based on an estimation result at the pattern estimation step and on a 
predetermined pattern determination rule; and 

a transmission controlling step of controlling transmission of the access request based 
on determination result of the pattern determination step so as to transmit the access request to 
the server when the access request is estimated to be legal, and so as to reject transmission of 
the access request to the server and so as to abandon the request when the access request is 
estimated to be illegal; wherein 

the pattern estimation step includes calculating a predetermined estimation value 
according to a degree of correspondence of the access requests to the illegal access patterns 
stored in the illegal pattern database; and 

the pattern determination step includes comparing the estimation value calculated in the 
pattern estimation step with a predetermined threshold value, and determining whether the
access request is to be transmitted to the server. 

66. (previously presented) A method of filtering, the method comprising: 
storing a pattern of illegal accesses to a server in an illegal pattern database; 
receiving a request for access; 

estimating a legality of the access request based on the illegal access pattern stored in 
the illegal pattern database and on a predetermined pattern estimation rule; 

determining whether the access request is to be transmitted to the server based on the 
estimation of the legality of the access request; wherein 

the estimating includes calculating a predetermined estimation value according to a 
degree of correspondence of the access request to the pattern of illegal access stored in the 
illegal pattern database; and 

the determining includes comparing the estimation value calculated in the estimating with 
a predetermined threshold value, and determining whether the access request is to be 
transmitted to the server. 

67. (previously presented) A method of filtering, the method comprising: 
estimating a legality of an access request based on an illegal access pattern stored in an
illegal pattern database and on a predetermined pattern estimation rule; and

determining whether the access request is to be abandoned based on the estimation of
the legality of the access request; wherein

the estimating includes calculating a predetermined estimation value according to a
degree of correspondence of the access request to the pattern of illegal access stored in the
illegal pattern database; and

the determining includes comparing the estimation value to a predetermined threshold
value, and determining whether the access request is to be abandoned.

68 and 69. (Cancelled) 